


Perceptive Security
SOC/SIEM Consultancy

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to con…
Published: 18 March 2026 at 23:00:00
Alert date: 19 March 2026 at 13:02:35
Source: nvd.nist.gov
Web Technologies, Enterprise Applications
CVE-2026-3511 is an XML External Entity (XXE) vulnerability in XMLUtils.java of the Slovensko.Digital Autogram application. It allows a remote unauthenticated attacker to conduct Server-Side Request Forgery (SSRF) attacks and gain unauthorized access to local files on the filesystem. Exploitation requires the victim to visit a malicious website that sends specially crafted XML documents to the /sign endpoint of the local HTTP server. The flaw is in the application's XML processing and can lead to sensitive file disclosure and, through SSRF, internal network reconnaissance.
Technical details
Mitigation steps:
Affected products:
Slovensko.Digital Autogram
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-3511
https://blog.binary.house/2026/03/pripadova-studia-ako-sme-s-claude-code.html
https://github.com/slovensko-digital/autogram/releases/tag/v2.7.2
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
